WO2020155812A1 - Procédé et dispositif de stockage de données, et appareil - Google Patents

Procédé et dispositif de stockage de données, et appareil Download PDF

Info

Publication number
WO2020155812A1
WO2020155812A1 PCT/CN2019/120669 CN2019120669W WO2020155812A1 WO 2020155812 A1 WO2020155812 A1 WO 2020155812A1 CN 2019120669 W CN2019120669 W CN 2019120669W WO 2020155812 A1 WO2020155812 A1 WO 2020155812A1
Authority
WO
WIPO (PCT)
Prior art keywords
subkey
master key
data
user
key
Prior art date
Application number
PCT/CN2019/120669
Other languages
English (en)
Chinese (zh)
Inventor
应鹏飞
殷山
Original Assignee
阿里巴巴集团控股有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 阿里巴巴集团控股有限公司 filed Critical 阿里巴巴集团控股有限公司
Publication of WO2020155812A1 publication Critical patent/WO2020155812A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption

Definitions

  • the embodiments of this specification relate to the field of information technology, and in particular to a data storage method, device, and equipment.
  • an embodiment of this specification provides a data storage method, including:
  • an embodiment of this specification provides a decryption method based on the above double-layer encrypted file, including:
  • an embodiment of this specification also provides a data storage device, including:
  • the subkey encryption module obtains a randomly generated subkey, symmetrically encrypts the data to be stored using the subkey, and generates subkey encrypted data;
  • the master key encryption module obtains a master key generated based on user information, and uses the master key to symmetrically encrypt the subkey to generate a subkey ciphertext, wherein the user information includes user password or user biometric information ;
  • the merging module merges the sub-key encrypted data and the sub-key ciphertext to generate a double-layer encrypted file
  • the storage module stores the double-layer encrypted file.
  • an embodiment of this specification also provides a decryption device based on the aforementioned double-layer encrypted file, including:
  • the determining module determines the subkey encrypted data and the subkey ciphertext contained in the double-layer encrypted file
  • the master key decryption module obtains the master key authorized by the user, uses the master key to decrypt the subkey ciphertext, and generates a subkey, wherein the master key is generated based on user information;
  • the subkey decryption module uses the generated subkey to decrypt the subkey encrypted data and generates usable decrypted data for the user to use.
  • multiple data is encrypted by the subkey, and the subkey is encrypted by the master key at the same time, so as to merge to form a double-layer encrypted file.
  • Each double-layer encrypted file contains the subkey secret used to decrypt the data.
  • the master key used to decrypt the sub-key ciphertext is stored in the user's hands, forming an independent dual-key encryption method, which reduces the possibility of information leakage and helps protect user privacy.
  • any one of the embodiments of the present specification does not need to achieve all the above-mentioned effects.
  • FIG. 1 is a schematic flowchart of a data storage method provided by an embodiment of this specification
  • Figure 2 is a schematic diagram of an overall architecture involved in an embodiment of the specification
  • FIG. 3 is a schematic flowchart of a method for decrypting a double-layer encrypted file provided by an embodiment of this specification
  • Figure 4 is a schematic structural diagram of a data storage device provided by an embodiment of this specification.
  • FIG. 5 is a schematic structural diagram of a decryption device for double-layer encrypted files provided by an embodiment of this specification
  • Fig. 6 is a schematic structural diagram of a device for configuring the method of the embodiment of this specification.
  • Fig. 1 is a schematic flowchart of a data storage method provided by an embodiment of this specification. As shown in Fig. 1, the process specifically includes the following steps:
  • the data to be stored can be provided by the user immediately; it can also be a file that the user has uploaded and stored in a specified path.
  • the specified path here can include the local path of the user device or The path on the server that connects with the user client.
  • the data may include various forms of data such as audio, video, text, image (such as picture, dynamic picture GIF, etc.).
  • S103 Obtain a randomly generated subkey, use the subkey to symmetrically encrypt the data to be stored, and generate subkey encrypted data.
  • the subkey is a parameter in the preset encryption algorithm.
  • the form of the subkey is a character string. When a symmetric encryption algorithm is used, its length is generally 128 bits or 256 bits.
  • the encryption algorithm is used to convert the data to be stored from plain text to cipher text to generate sub-key encrypted data.
  • the encryption algorithm is a symmetric encryption algorithm. In other words, based on the subkey, the generated subkey can encrypt data and convert it back to the plaintext form of the data to be stored.
  • S105 Obtain a master key generated based on user information, and use the master key to symmetrically encrypt the subkey to generate a subkey ciphertext, where the user information includes a user password or user biometric information.
  • the subkey is also required for subsequent decryption.
  • the subkey is also in a plaintext state. Therefore, the subkey can also be symmetrically encrypted to generate the subkey ciphertext.
  • a preset key derivation function may be used to generate a master key based on user information. Then use the master key to encrypt the subkey to obtain the subkey ciphertext.
  • the master key can be encrypted based on DEs-based UNIX Crypt-function, FreeBSD MD5 crpty, PKCS#5 PBKDF2, GNU SHA-256/512 crypt, Windows NT LAN Manager (NTLM) hash, or Blowfish-based bcrypt.
  • NTLM Windows NT LAN Manager
  • the same master key can be obtained. Therefore, when the master key needs to be used again, the user can directly provide the master key, or the user provides the same user information again, and the preset key derivation function generates the same master key based on the same user information.
  • the master key should have the following properties: it is very unlikely that other users will get the master key. Therefore, in practical applications, it is possible to ensure that it is difficult for other users to obtain the master key by the following methods: the generated master key is held by the user and stored in a path or file that only the user can reach, for example, the generated master key The master key is physically isolated from other data; or, the generated master key is not saved, only the user can reproduce the master key again. At this time, an practicable way is to generate a master key based on unique user information, and it is very unlikely that other users will obtain the user information. For example, the user's account password, or the user's biometric information, etc. The biometric information may include unique biometrics such as fingerprints, voiceprints, iris, etc. In this way, when the master key needs to be used again, the above-mentioned unique biological characteristics can be used as parameters to generate the same master key based on the same KDF function.
  • S107 Combine the sub-key encrypted data and the sub-key cipher text to generate a double-layer encrypted file, and store it.
  • FIG. 2 is a schematic diagram of an overall architecture involved in an embodiment of the specification.
  • the user has stored the ID card information in the form of a double-layer encrypted file through his personal master key.
  • H in the figure represents the file header of the double-layer encrypted file, which is the subkey ciphertext obtained after the main key encrypts the subkey.
  • the file header in addition to the subkey ciphertext, other information may also be included. For example, it may also include the name of the encryption algorithm used when the subkey encrypts the data to be stored for prompting.
  • different encrypted files are encrypted with different subkeys, so the file headers are also different.
  • the user stores the information on a designated cloud disk. In practical applications, it is also feasible to store the information on the user's local device.
  • obtaining a randomly generated subkey includes: randomly obtaining multiple different subkeys for each data to be stored. For example, when users need to store their ID cards, driving licenses, and social files separately. Then every time a file is obtained, a random subkey can be generated based on the system time when the file is obtained. Using different subkeys for different files can further enhance data security.
  • the same master key generated based on user information can also be obtained; the same master key is used to symmetrically encrypt multiple subkeys, and generate Multiple sub-key ciphertexts generated by the same master key encryption, wherein the sub-key ciphertext corresponds to the data to be stored in a one-to-one correspondence.
  • the advantage of using the same master key to encrypt multiple subkeys is that it is convenient for user management. For example, when the user's double-layer encrypted file is stored in the cloud, the user can use a master key to log in, add encrypted files, delete encrypted files, etc., to manage multiple files in the cloud. In addition, users can also use multiple encrypted files by authorizing a master key to a third party.
  • the sub-key encrypted data and the sub-key cipher text can be directly spliced, or one file can be inserted into another file. For example, place the subkey ciphertext at the head, tail, or the middle position of the specified offset of the subkey encrypted data.
  • the format of the double-layer encrypted file can be pre-defined as "file header + file body", in which the file header with a certain length is preset, the subkey ciphertext is placed in the file header, and the file body is placed with the subkey Encrypt data. Therefore, when decryption is needed, the file header can be directly decrypted by the subkey to obtain the subkey ciphertext, which is convenient for decryption and subsequent use.
  • FIG. 3 is a method provided by an embodiment of this specification.
  • the schematic flow diagram of the decryption method for double-layer encrypted files includes:
  • S301 Determine the sub-key encrypted data and the sub-key cipher text contained in the double-layer encrypted file; for example, directly read the sub-key encrypted data and the sub-key cipher text from the file header and file body of the double-layer encrypted file;
  • S305 Use the generated subkey to decrypt the subkey encrypted data, and generate usable decrypted data for the user to use.
  • the master key and subkey can be used directly for symmetric decryption in the embodiments of this specification.
  • the data storage party for example, the cloud storing the data
  • the authorization object of the master key can be the user himself, for example, when the user logs in to the account successfully, the authorization is successful by default.
  • the authorized object of the master key may also be a third party. For example, when a user uses some third-party applications, the third-party application is allowed to use his own master key to perform certain specific authority operations, including query, verification, and so on.
  • a program application APP for data storage methods is provided in the user's local device (which may include a smart phone, a personal computer, a smart tablet, etc.), and the user
  • An account is established on the APP, and the APP creates a master key through the user's login password or the user's biological characteristics (fingerprints, voiceprints, etc.). Therefore, when the user uses the login password or biometrics, the master key is uniquely determined.
  • the user can provide the file he wants to encrypt in the interface provided by the APP by dragging, selecting, and other operations in the interface .
  • the APP randomly generates a subkey for encryption at this time to encrypt the file.
  • the master key encrypts the subkey to obtain the subkey ciphertext, and puts the subkey ciphertext in the head to generate an encrypted double-layer file.
  • the APP can receive instructions from the user to determine the storage location; or, provide corresponding location setting options to store the encrypted double-layer file in the storage location selected by the user in advance.
  • the storage location can be in the user's local device or in the server docking with the APP.
  • the user can authorize the master key to provide the third party with the master key when verification is required, so that the third party can rely on the master key.
  • the key authorization goes to the server to request, and the server decrypts the user's personal information based on the master key, and performs the verification.
  • the user only needs to use a master key to manage multiple data; on the other hand, the user only needs to store personal data in encrypted form on the server, without the need for third parties (in fact, the first The number of three parties is quite large) Provide their own private information to avoid the leakage of their own data by third parties.
  • FIG. 4 is a schematic structural diagram of a data storage device provided by an embodiment of this specification, the device includes:
  • the determining module 401 determines the data to be stored
  • the subkey encryption module 403 obtains a randomly generated subkey, uses the subkey to symmetrically encrypt the data to be stored, and generates subkey encrypted data;
  • the master key encryption module 405 obtains a master key generated based on user information, and uses the master key to symmetrically encrypt the subkey to generate a subkey ciphertext, wherein the user information includes a user password or user biometric characteristics information;
  • the merging module 407 merges the sub-key encrypted data and the sub-key ciphertext to generate a double-layer encrypted file
  • the storage module 409 stores the double-layer encrypted file.
  • the master key encryption module 405 obtains a master key generated in advance according to user information from a path specified by the user; or, obtains user information, and uses a preset key derivation function to generate a master key based on the user information. key.
  • subkey encryption module 403 randomly obtains multiple different subkeys for each data to be stored.
  • the master key encryption module 405 obtains the same master key generated based on user information; uses the same master key to symmetrically encrypt multiple sub-keys respectively, and generates multiple sub-key secrets generated based on the same master key encryption.
  • the ciphertext of the subkey corresponds to the data to be stored.
  • the merging module 407 uses the subkey ciphertext as a file header, merges the subkey encrypted data, and generates a double-layer encrypted file whose file header does not exceed a preset length.
  • an embodiment of this specification also provides a decryption device for double-layer encrypted files, as shown in FIG. 5, which is a schematic structural diagram of a decryption device for double-layer encrypted files provided by the embodiment of this specification ,include:
  • the determining module 501 determines the subkey encrypted data and the subkey ciphertext contained in the double-layer encrypted file
  • the master key decryption module 503 obtains a master key authorized by the user, uses the master key to decrypt the subkey ciphertext, and generates a subkey, wherein the master key is generated based on user information;
  • the subkey decryption module 505 uses the generated subkey to decrypt the subkey encrypted data to generate usable decrypted data for the user to use.
  • the embodiment of this specification also provides a computer device, which at least includes a memory, a processor, and a computer program stored in the memory and capable of running on the processor, wherein the processor implements the data shown in FIG. 1 when the program is executed. Storage method.
  • FIG. 6 shows a more specific hardware structure diagram of a computing device provided by an embodiment of this specification.
  • the device may include a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040, and a bus 1050.
  • the processor 1010, the memory 1020, the input/output interface 1030, and the communication interface 1040 realize the communication connection between each other in the device through the bus 1050.
  • the processor 1010 may be implemented by a general CPU (Central Processing Unit, central processing unit), microprocessor, application specific integrated circuit (Application Specific Integrated Circuit, ASIC), or one or more integrated circuits, etc., for execution related Program to realize the technical solutions provided in the embodiments of this specification.
  • CPU Central Processing Unit
  • ASIC Application Specific Integrated Circuit
  • the memory 1020 may be implemented in the form of ROM (Read Only Memory), RAM (Random Access Memory, random access memory), static storage device, dynamic storage device, etc.
  • the memory 1020 may store an operating system and other application programs. When the technical solutions provided in the embodiments of the present specification are implemented through software or firmware, related program codes are stored in the memory 1020 and called and executed by the processor 1010.
  • the input/output interface 1030 is used to connect an input/output module to realize information input and output.
  • the input/output/module can be configured in the device as a component (not shown in the figure), or can be connected to the device to provide corresponding functions.
  • the input device may include a keyboard, a mouse, a touch screen, a microphone, various sensors, etc., and an output device may include a display, a speaker, a vibrator, an indicator light, and the like.
  • the communication interface 1040 is used to connect a communication module (not shown in the figure) to realize the communication interaction between the device and other devices.
  • the communication module can realize communication through wired means (such as USB, network cable, etc.), or through wireless means (such as mobile network, WIFI, Bluetooth, etc.).
  • the bus 1050 includes a path for transmitting information between various components of the device (for example, the processor 1010, the memory 1020, the input/output interface 1030, and the communication interface 1040).
  • the above device only shows the processor 1010, the memory 1020, the input/output interface 1030, the communication interface 1040, and the bus 1050, in the specific implementation process, the device may also include the equipment necessary for normal operation. Other components.
  • the above-mentioned device may also include only the components necessary to implement the solutions of the embodiments of this specification, and not necessarily include all the components shown in the figures.
  • the embodiment of this specification also provides a computer-readable storage medium on which a computer program is stored, and when the program is executed by a processor, the data storage method shown in FIG. 1 is implemented.
  • Computer-readable media includes permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology.
  • the information can be computer-readable instructions, data structures, program modules, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, Magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices or any other non-transmission media can be used to store information that can be accessed by computing devices. According to the definition in this article, computer-readable media does not include transitory media, such as modulated data signals and carrier waves.
  • a typical implementation device is a computer.
  • the specific form of the computer can be a personal computer, a laptop computer, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email receiving and sending device, and a game control A console, a tablet computer, a wearable device, or a combination of any of these devices.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

La présente invention concerne un procédé et un dispositif de traitement de données, ainsi qu'un appareil. Le procédé comprend les étapes suivante: pendant le stockage de données, chiffrer de multiples éléments de données au moyen d'une sous-clé, et chiffrer la sous-clé au moyen d'une clé maîtresse, de façon à effectuer une fusion pour former des fichiers chiffrés à double couche, chaque fichier chiffré à double couche contenant un texte chiffré de sous-clé pour le déchiffrement de données, et la clé maîtresse pour décrypter le texte chiffré de sous-clé étant conservée par un utilisateur, ce qui permet d'obtenir une technique de chiffrement utilisant deux clés indépendantes pour le stockage de données.
PCT/CN2019/120669 2019-01-31 2019-11-25 Procédé et dispositif de stockage de données, et appareil WO2020155812A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910095110.3A CN110032874A (zh) 2019-01-31 2019-01-31 一种数据存储方法、装置及设备
CN201910095110.3 2019-01-31

Publications (1)

Publication Number Publication Date
WO2020155812A1 true WO2020155812A1 (fr) 2020-08-06

Family

ID=67235504

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/120669 WO2020155812A1 (fr) 2019-01-31 2019-11-25 Procédé et dispositif de stockage de données, et appareil

Country Status (3)

Country Link
CN (1) CN110032874A (fr)
TW (1) TW202031010A (fr)
WO (1) WO2020155812A1 (fr)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110032874A (zh) * 2019-01-31 2019-07-19 阿里巴巴集团控股有限公司 一种数据存储方法、装置及设备
CN112825095A (zh) * 2019-11-20 2021-05-21 北京京东尚科信息技术有限公司 用于保护应用中敏感信息的方法、装置、电子设备和介质
CN111181920A (zh) * 2019-12-02 2020-05-19 中国建设银行股份有限公司 一种加解密的方法和装置
CN111628864A (zh) * 2020-06-05 2020-09-04 微位(深圳)网络科技有限公司 一种使用sim卡进行密钥安全恢复的方法
CN112613058A (zh) * 2020-12-30 2021-04-06 绿盟科技集团股份有限公司 一种加密密钥的找回方法、装置、电子设备及存储介质
CN116383844B (zh) * 2023-03-31 2024-02-09 深圳市博通智能技术有限公司 基于大数据自动化综合管理分析系统、方法、介质及设备

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105245328A (zh) * 2015-09-09 2016-01-13 西安电子科技大学 一种基于第三方的用户及文件的密钥产生管理方法
CN106529308A (zh) * 2015-09-10 2017-03-22 深圳市中兴微电子技术有限公司 一种数据加密方法、装置及移动终端
CN108768638A (zh) * 2018-06-01 2018-11-06 北京爱普安信息技术有限公司 一种消息加密的方法及装置
CN108900533A (zh) * 2018-08-01 2018-11-27 南京荣链科技有限公司 一种共享数据隐私保护方法、系统、终端及介质
CN110032874A (zh) * 2019-01-31 2019-07-19 阿里巴巴集团控股有限公司 一种数据存储方法、装置及设备

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE60128290T2 (de) * 2000-05-11 2007-08-30 Matsushita Electric Industrial Co., Ltd., Kadoma Vorrichtung zur Dateienverwaltung
CN101800811B (zh) * 2010-02-02 2012-10-03 中国软件与技术服务股份有限公司 手机数据安全防护方法
CN104717195A (zh) * 2013-12-17 2015-06-17 中国移动通信集团福建有限公司 业务系统密码管理方法和装置

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105245328A (zh) * 2015-09-09 2016-01-13 西安电子科技大学 一种基于第三方的用户及文件的密钥产生管理方法
CN106529308A (zh) * 2015-09-10 2017-03-22 深圳市中兴微电子技术有限公司 一种数据加密方法、装置及移动终端
CN108768638A (zh) * 2018-06-01 2018-11-06 北京爱普安信息技术有限公司 一种消息加密的方法及装置
CN108900533A (zh) * 2018-08-01 2018-11-27 南京荣链科技有限公司 一种共享数据隐私保护方法、系统、终端及介质
CN110032874A (zh) * 2019-01-31 2019-07-19 阿里巴巴集团控股有限公司 一种数据存储方法、装置及设备

Also Published As

Publication number Publication date
CN110032874A (zh) 2019-07-19
TW202031010A (zh) 2020-08-16

Similar Documents

Publication Publication Date Title
US11716195B2 (en) Facilitating communications using hybrid cryptography
US10142107B2 (en) Token binding using trust module protected keys
US9813247B2 (en) Authenticator device facilitating file security
WO2020155812A1 (fr) Procédé et dispositif de stockage de données, et appareil
CN106716914B (zh) 用于漫游的受保护内容的安全密钥管理
CN107113286B (zh) 跨设备的漫游内容擦除操作
TWI601405B (zh) 用於雲端輔助式密碼術之方法及設備
US9465947B2 (en) System and method for encryption and key management in cloud storage
CN106664202B (zh) 提供多个设备上的加密的方法、系统和计算机可读介质
US8509449B2 (en) Key protector for a storage volume using multiple keys
TWI578749B (zh) 用於遷移金鑰之方法及設備
US10187373B1 (en) Hierarchical, deterministic, one-time login tokens
US20180091487A1 (en) Electronic device, server and communication system for securely transmitting information
US10057060B2 (en) Password-based generation and management of secret cryptographic keys
US11245527B2 (en) Secure distribution networks
US20120294445A1 (en) Credential storage structure with encrypted password
CN109672521B (zh) 基于国密加密引擎实现的安全存储系统和方法
CN110868291B (zh) 一种数据加密传输方法、装置、系统及存储介质
US20180063105A1 (en) Management of enciphered data sharing
WO2020123926A1 (fr) Systèmes informatiques décentralisés et procédés pour effectuer des actions à l'aide de données privées stockées
KR20220039779A (ko) 강화된 보안 암호화 및 복호화 시스템
US10785193B2 (en) Security key hopping
US11290277B2 (en) Data processing system
US10699021B2 (en) Method and a device for secure storage of at least one element of digital information, and system comprising such device
US11831407B1 (en) Non-custodial techniques for data encryption and decryption

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19912603

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19912603

Country of ref document: EP

Kind code of ref document: A1